Building an EASA Compliant Security Risk Register as Part of our Safety Management System (SMS)


Sofema Aviation Services (SAS) considers the importance of managing risks in a systematic and controlled way, using a Risk Register as the fundamental tool.

Hazard identification is the foundation of the risk management process in an SMS and may be conducted reactively, proactively, and even predictively. A hazard is something with the potential to cause harm, and a risk is the potential outcome of a hazard.

What is the difference between a Safety System Hazard Register and a Risk Register?

A hazard register is a source of information from which we can consider the risks, whereas a risk register contains information related to the nature of the risk (clearly, a risk register serves a higher purpose).

The Visibility of Hazards

» Visible hazards are essentially obvious: they can be observed, smelt, heard, tasted or felt.
» Hidden hazards (sometimes known as latent hazards) are not so easily understood and can be either physical, such as electricity, or non-physical, such as poor training, stress, etc.

An Effective Risk Register Process can support the following SMS Analysis:

» ‘Reactive’ risk management (incident investigation)
» ‘Proactive’ risk management (used to identify potential risks)
» ‘Predictive’ risk management (supported by data to identify the area of exposure)

The development of an EASA compliant SMS will benefit from the development and continuous monitoring of a Risk Register.

A risk register is a crucial part of your approach to managing these risks. It's a tool to help you identify, assess, and record your risks and the actions you're taking to eliminate or minimize them.

For each of the following items, perform a risk assessment and determine the level of exposure that currently exists in your organisation by asking the following 5 questions:

» Is this an issue in our organisation?
» If it is not considered an issue, how can I demonstrate it – where is the evidence?
» How can I measure the effectiveness of the current process?
» How effective is documentation/training?
» If there are changes in this element, how effectively would the system accommodate the changes?

Examples of security hazards which can be risk assessed for your organization:

» Direct Threats
» Indirect Threats
» Threats to seize hostages
» Armed Attacks
» Passenger Security
» Aircraft Security
» Baggage Security
» Cargo Security
» Sabotage Threats
» Leadership commitment and planning
» Accountability and responsibilities
» Resource management
» Coordination of law enforcement agencies
» Security training and awareness campaigns
» Management of change
» Threat assessment and risk management
» Incident reporting
» Incident management
» Management of emergencies and incidents
» Role of security in emergency response procedures
» Communication guidelines
» Incident response
» Quality assurance and quality control of Security Services 
» Security Management of service providers
» Performance monitoring procedures and reporting
» Continuous improvement of Security System Processes

Next Steps

Sofema Aviation Services and Sofema Online provide multiple Safety Management System Risk and Hazard training courses. For additional information please see our websites or email
